46 lines
No EOL
2.4 KiB
Text
Executable file
46 lines
No EOL
2.4 KiB
Text
Executable file
== Default Configuration
|
|
|
|
When you create a resource server, {{book.project.name}} creates a default configuration for your newly created resource server.
|
|
|
|
The default configuration consists of:
|
|
|
|
* A default protected resource representing all resources in your application.
|
|
* A policy that always grants access to the resources protected by this policy.
|
|
* A permission that governs access to all resources based on the default policy.
|
|
|
|
The default protected resource is called *Default Resource* and you can see it if you click on the `Resources` tab.
|
|
|
|
.Default Resource
|
|
image:../../images/resource-server/default-resource.png[alt="Default Resource"]
|
|
|
|
This resource defines a `Type` namely `urn:my-resource-server:resources:default` and a `URI` `/*`. Here, the `URI` field defines a
|
|
wildcard pattern that tells {{book.project.name}} that this resource represents all the paths in your application. In other words,
|
|
when enabling link:../enforcer/overview.html[Policy Enforcement] for your application, all the permissions associated with the resource
|
|
will be checked before granting access.
|
|
|
|
The `Type` mentioned earlier defines a value that can be used to create link:../permission/typed-resource-permission.adoc[Typed Resource Permissions] that must be applied
|
|
to the default resource or any other resource you create using the same type.
|
|
|
|
The default policy is called *Only From Realm Policy* and you can see it if you click on the `Policies` tab.
|
|
|
|
.Default Policy
|
|
image:../../images/resource-server/default-policy.png[alt="Default Policy"]
|
|
|
|
This policy is a link:../policy/js-policy.html[JavaScript-Based Policy] defining a condition that always grants access to the resources protected by this policy. If you click on this policy you'll see that it defines a rule as follows:
|
|
|
|
```js
|
|
// by default, grants any permission associated with this policy
|
|
$evaluation.grant();
|
|
```
|
|
|
|
Lastly, the default permission is called *Default Permission* and you can see it if you click on the `Permissions` tab.
|
|
|
|
.Default Permission
|
|
image:../../images/resource-server/default-permission.png[alt="Default Permission"]
|
|
|
|
This permission is a link:../permission/overview.html[Resource-Based Permission], defining that a set of one or more policies should
|
|
be applied to all resources with a given type.
|
|
|
|
== Post-Configuration Instructions
|
|
|
|
You are not forced to keep the default configuration if you don't want to. You can remove the default resource, policy, and permission definitions and introduce your own. |